Authentication issues include:
- How does the RP (in some cases this may be the selector client) discover what type of authentication materials are required? How are these types described (e.g. as a URI)?
- What types of authentication materials should be supported?
- How should the authentication credentials be serialized in the data sharing protocol?
RP Authentication Scheme Discovery
How the RP discovers the kind of authentication materials required depends on the type of value carried by the resource-udr claim. There are two possibilities. If the value is an Entity UDI, then the type of authentication materials is described as a URI in the XRD of the target Context, which is found during URI resolution. If, on the other hand, the value is an XRD, then the URI describing the type of authentication material required is included directly in that XRD. These URIs are described in the Authentication Material Types section of Authentication Materials.
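The two discovery paths above, as an added illustration that is not code from the Higgins or XDI projects. It assumes, beyond what the page states, that the claim value arrives either as a UDI string or as an inline XRD document, that the XRD advertises the material type as a Type URI inside a Service element, and that URI resolution is stood in for by a constructed in-memory table; the type URIs are placeholders.

```python
# Added example: RP-side discovery of the required authentication material type.
# Assumptions (not from the page): claim value is a UDI string or an inline XRD;
# the XRD carries the material type as <Service><Type>URI</Type></Service>;
# RESOLVER is a constructed table standing in for real URI resolution.
import xml.etree.ElementTree as ET

# Constructed placeholder type URIs; the real ones are defined in the
# Authentication Material Types section of the Authentication Materials spec.
SUPPORTED_MATERIAL_TYPES = {
    "urn:example:auth-material:password",
    "urn:example:auth-material:x509",
}

# Constructed resolver table: Entity UDI -> XRD of the target Context.
RESOLVER = {
    "xri://=example*ctx": "<XRD><Service><Type>urn:example:auth-material:x509"
                          "</Type></Service></XRD>",
}


def is_inline_xrd(value):
    """Second case: the claim value is itself an XRD document."""
    return value.lstrip().startswith("<")


def resolve_udi(udi):
    """First case: resolve the Entity UDI to the XRD of the target Context."""
    if udi not in RESOLVER:
        raise LookupError("UDI did not resolve: " + udi)
    return RESOLVER[udi]


def material_types_from_xrd(xrd):
    """Collect every Type URI advertised in the XRD (samples are namespace-free).
    A production RP should parse untrusted XRDs with a hardened parser such as
    defusedxml rather than xml.etree directly."""
    root = ET.fromstring(xrd)
    return {t.text.strip() for t in root.iter("Type") if t.text}


def discover_material_type(resource_udr):
    """Pick one advertised material type the RP supports, or fail closed."""
    xrd = resource_udr if is_inline_xrd(resource_udr) else resolve_udi(resource_udr)
    usable = material_types_from_xrd(xrd) & SUPPORTED_MATERIAL_TYPES
    if not usable:
        raise ValueError("no supported authentication material type advertised")
    return sorted(usable)[0]
```

Rejecting XRDs that advertise only unknown type URIs keeps the RP from silently negotiating down to a scheme it was never configured for.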
Authentication Credential Serialization
This issue lives at two levels:
How will authentication credentials be serialized at the IdAS layer?
2009-02-26 – TODO - Markus to post a proposal.
Data Sharing Protocol Layer
How authentication data is serialized is protocol dependent. This serialization must be covered by the data sharing protocol specifications and, if necessary, by the schema/dictionary specifications that protocol uses for the specific authentication schemes.
To use XDI as an example, the overall serialization formats for XDI are being defined in the XDI Serialization specification. The encoding of the specific XDI data types involved in a particular authentication scheme is then specified in the XDI dictionary that defines those data types. (The semantics of XDI dictionaries are being defined in the XDI Dictionary specification.)